π¨
SEVERITY: MEDIUM β CVSS 6.1
Security Advisory
TL;DR π
- A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface toβ¦
- No fixed release listed yet; apply mitigations and monitor.
- Workarounds are documented in the advisory.
- CVEs: CVE-2025-20310.
What happened π΅οΈββοΈ
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.